Security West 2019

Alissa Torres

Alissa Torres is an explorer at heart. Uncovering the full story of an attacker's exploits requires digging into known and unknown forensic artifacts, and this excavation is exactly what intrigues her. With more than 15 years of experience in computer and network security spanning government, academic, and corporate environments, Alissa has the deep experience and technical savvy to take on even the most difficult computer forensics challenges that come her way. Her current role as an Incident Response Manager at Cargill provides daily challenges "in the trenches" and demands constant technical growth. Alissa is also founder of her own firm, Sibertor Forensics, and has taught internationally in more than 10 countries.

Alissa was introduced to digital forensics during her four years of service in the U.S. Marine Corps. She moved on to various technical roles at KEYW Corporation, Northrop Grumman Information Systems, and as part of Mandiant's computer incident response team (MCIRT). Alissa has worked as an instructor at the U.S. Cyber Challenge Camps and at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She is passionate about sharing knowledge, presenting annually at regional and national industry conferences and encouraging women's participation in science, technology, engineering, and math through regional outreach programs.

As both an investigator and instructor, Alissa has a constant and infectious desire to always learn more and question everything, an ethos embodied in the SANS DFIR classes. "Our curriculum ensures students gain an understanding of why an artifact matters and how the tools interpret the data." Alissa explains. An inquisitive nature can be the determining factor in investigative success, as Alissa learned when she identified a critical error in one of her team's web proxy timeline procedures. This discovery allowed for the correction of contractual fraud investigations involving the U.S. government. Sharing personal success stories like this one gives students real-world applications for the material they are learning and inspires them to evaluate and optimize their own investigative processes, whether in incident response, digital forensic investigations, or internal offensive reconnaissance.

As attackers learn how forensic investigators work, they become increasingly more sophisticated at leaving fewer traces behind. "We are in an arms race where the key difference is training," says Alissa. Toward that end, she encourages her students to ask more questions, grow the common body of knowledge, and make a difference in the digital forensics community. Her teaching style is best described as a type of "exposure therapy" that introduces concepts but then pushes students to get behind the keyboard and apply these concepts themselves.

Alissa's true passion is memory forensics, a rapidly evolving area of expertise for both attackers and defenders. As malware strives for a minimal footprint on the host, the battlefield exists in system memory. Alissa's students take the skills taught in FOR526 and move their investigations forward, in some cases even uncovering new details in their cases before the week-long class ends.

Alissa has a B.S from the University of Virginia and a M.S. in information technology from the University of Maryland. She is a GIAC Certified Forensic Analyst (GCFA), and holds the GCFE, GCIH, GSEC, CISSP, and EnCE certifications. Alissa has served as a member of the GIAC Advisory Board since 2013 and was recognized by SC Magazine as one of its "2016 Women to Watch." Needless to say, she stays pretty busy. When not enmeshed in metadata and memory structures, Alissa catches every soccer game she can, cheering at her kids' games and scheming to attend matches of her favorite team, Everton. In what time she has left from constant cybersecurity vigilance, Alissa enjoys hiking in the Puerto Rican rain forest and scaling rocks at Big Sur.

"I highly recommend Alissa and SANS computer forensics courses. In April 2015 I attended the SANS Forensics 508: Advanced Digital Forensics and Incident Response (FOR508) course. I had high expectations for the course based on my team lead's recommendation. Alissa and the course exceeded my expectations. Alissa is an outstanding instructor, and SANS FOR508 was the best information security course I have attended. She mixed energy, knowledge, and experience to keep the content productive, relevant, and interesting. I look forward to attending more SANS courses instructed by Alissa." - Chad Rager, Computer Forensic Engineer at ManTech

"This course is known throughout the industry as THE advanced IR and Threat Hunting course. This combined with Alissa's awesome teaching style makes it worth every penny! Alissa's subject matter expertise, enthusiasm, and insights are second to none! Her personalized attention to simulcast viewers was particularly nice because it felt like we were part of the class." - Will Harmon, Trustwave

"Instructors like Alissa are why people keep coming back to SANS. Awesomeness and non-stop energy. She is one of my favorite instructors I've had from SANS, right up there with the likes of Ed Skoudis, John Strand, and Eric Cole. A brilliant presenter who keeps it fun, informative, and turns what other people could make sleep inducing, into non-stop engaging." - Eric Donaldson, Discover Financial Services